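I have a role-based access system.
When the API is called, the user is first authenticated, and then, before the endpoint is actually invoked, a further check verifies whether the user has permission to access that endpoint.
Here is an example of the system: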
WRITE = {"all": "write_access"} # this is used in user access verification method
READ = {"all": "read_access"} # this is used in user access verification method
ACCESS = {
# Administra